burrow/store-metadata/app-store-connect
Conrad Kramer ff4896a901
Some checks failed
Build Rust / Cargo Test (push) Successful in 4m2s
Build Site / Next.js Build (push) Failing after 4s
Lint Governance / BEP Metadata (push) Successful in 1s
Keep internal TestFlight off external beta review
2026-06-07 20:34:59 -07:00
..
testflight Wire Forge-native release infrastructure 2026-06-07 05:51:12 -07:00
README.md Keep internal TestFlight off external beta review 2026-06-07 20:34:59 -07:00

App Store Connect Metadata

This directory is the repo-owned home for Burrow App Store Connect metadata.

The release upload lane expects dedicated App Store Connect API credentials sealed with agenix:

  • secrets/apple/appstore-connect.env.age

That single secret contains the key ID, issuer ID, and base64-encoded .p8. CI decrypts it into a temporary App Store Connect key file, syncs provisioning profiles from App Store Connect, and then uploads .ipa/.pkg artifacts. Forgejo secrets should only provide the runner age identity fallback, not the App Store key itself.

The initial release pipeline can upload .ipa and .pkg artifacts once the Apple build lane produces signed outputs. Internal TestFlight distribution waits for processing and skips external beta-review submission; App Store Connect then exposes the valid build through the configured internal tester group. TestFlight external distribution must remain explicit until review metadata, groups, and tester policy are complete.